What is Detectify?

Detectify Labs

A security research blog

CSP flaws: cookie fixation

Cookie fixation CSP Mathias Karlsson
Most read articles
How I made LastPass give me all your passwords » Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token » Chrome Extensions – AKA Total Absence of Privacy »

postMessage XSS on a million sites

AddThis Mathias Karlsson postmessage
Get research and tips from Detectify security experts and the Crowdsource hacker community Time... to subscribe to the Detectify Monthly Round-up

The pitfalls of postMessage

Mathias Karlsson postmessage

Combining host header injection and lax host parsing serving malicious data

bug bounty Fastly Frans Rosén Heroku Mathias Karlsson

The story of EV-SSL, AWS and trailing dot domains

Frans Rosén Hostile Subdomain takeover SSL

Using Chrome’s web-custom-data UTI to inject a stored XSS in Slack

Frans Rosén Slack XSS

How I made LastPass give me all your passwords

Cross Site Scripting Lastpass Mathias Karlsson XSS

What HPKP is but isn’t

HPKP HTTP public key pinning

7 tools that have influenced the reversing community

DRM reverse engineering

Fusion Challenges – level02 Write-up

binary exploitation Fusion challenges return-oriented programming
Like what you read? Start securing your web apps with tech powered by Detectify Labs contributors Start a 2-week free trial of Detectify and see the difference for yourself
What is Detectify? Subscribe to newsletter Sign up for a free trial »
A security service for developers.